Required Privileges

Use of the MTA SDK often requires access rights to the MTA message queues and
configuration data. Indeed, were such rights not required, then any user capable of
logging in to the operating system of the machine running Messaging Server could read
messages out of the MTA message queues and send fraudulent mail messages. Consequently,
any programs using the MTA SDK need read access to the MTA configuration, possibly
including files with credentials required to bind to either the Job Controller or
an LDAP server or both. Additionally, programs that will enqueue messages to the MTA
need write access to the MTA message queues. Programs that will dequeue messages from
the MTA need read, write, and delete access to the MTA message queues.

To facilitate this access, site-developed programs that will enqueue or dequeue
messages should be owned and run by the account used for Messaging Server. The programs
do not need to run as a superuser with root access in order to
enqueue or dequeue mail to the MTA. However, it is safe to allow them to do so, if
needed for concerns outside the scope of Messaging Server. For instance, if the program
will be performing other functions requiring system access rights, it needs to run
as a superuser with root access.